CVE-2023-28479

{"id": "CVE-2023-28479", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-08-15T14:15:09.770", "references": [{"url": "https://neo4j.com/security/cve-2023-28479/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries."}, {"lang": "es", "value": "Se ha descubierto un problema en Tigergraph Enterprise 3.7.0. La plataforma TigerGraph instala una cadena de herramientas de desarrollo completa en cada despliegue de TigerGraph. Un atacante puede compilar nuevos ejecutables en cada sistema Tigergraph y modificar los binarios del sistema y de Tigergraph."}], "lastModified": "2023-08-19T00:44:22.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}